Cybercriminals are moving away from mass phishing campaigns
Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed …
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine …
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into …
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model …
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s …
Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft …
Scams now operate like real businesses with budgets and targets
Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global …
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These …
Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup
Fans looking for tickets, accommodation and match broadcasts are already encountering scams tied to the 2026 FIFA World Cup. The 2026 FIFA World Cup will bring millions of …
52% of direct-to-IP threats are missing from intelligence feeds
Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where …
Most pros have seen AI hallucinations in IT operations
Autonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to …
OAuth marketplace apps keep access after publishers vanish
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI …
Featured news
Resources
Don't miss
- Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)
- How to use NIST and ISO frameworks to govern AI agents
- The assembly line behind 1.5 million malicious domains
- AI sovereignty makes data centers strategic targets for cyber operations
- CISA orders federal agencies to “patch smarter”